一键关闭服务器危险端口BAT文件安防篇
一键防勒索NSA,关闭服务器危险端口,135,137,138,139,445,593,1024
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
@echo off color 1f title 一键防勒索NSA Fooher.com echo. echo. echo 本批处理用于启动系统的防火墙并关闭常见的危险端口 echo. echo 运维天涯 fooher.com 你不过如此制作 echo. pause cls echo 正在启动防火墙 请稍候… sc config SharedAccess start= auto >nul net start SharedAccess >nul echo 防火墙已经成功启动 echo. echo 正在关闭常见的危险端口 请稍候… echo. echo 正在关闭135端口 请稍候… netsh advfirewall firewall add rule name=135 protocol=TCP dir=in localport=135 action=block echo 正在关闭137端口 请稍候… netsh advfirewall firewall add rule name=137 protocol=TCP dir=in localport=137 action=block echo 正在关闭138端口 请稍候… netsh advfirewall firewall add rule name=138 protocol=TCP dir=in localport=138 action=block echo 正在关闭139端口 请稍候… netsh advfirewall firewall add rule name=139 protocol=TCP dir=in localport=139 action=block echo 正在关闭445端口 请稍候… netsh advfirewall firewall add rule name=445 protocol=TCP dir=in localport=445 action=block echo 正在关闭593端口 请稍候… netsh advfirewall firewall add rule name=593 protocol=TCP dir=in localport=593 action=block echo. echo 常见的危险端口已经关闭 echo. REM 对445端口进行过滤 只允许部分主机访问 netsh ipsec static add policy name=foohercom netsh ipsec static add filterlist name=deny REM 添加筛选器到IP筛选器列表(不让别人访问) netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA445 dstport=135 protocol=tcp mirrored=yes netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA137 dstport=137 protocol=tcp mirrored=yes netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA138 dstport=138 protocol=tcp mirrored=yes netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA139 dstport=139 protocol=tcp mirrored=yes netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA445 dstport=445 protocol=tcp mirrored=yes netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=防勒索NSA593 dstport=593 protocol=tcp mirrored=yes REM 添加筛选器操作 netsh ipsec static add filteraction name=deny action=block REM 创建一个链接指定 IPSec 策略、筛选器列表和筛选器操作的规则(加入规则到我的安全策略) netsh ipsec static add rule name=拒绝规则 policy=foohercom filterlist=deny filteraction=deny REM 激活我的安全策略 netsh ipsec static set policy name=foohercom assign=y echo. echo By: 运维天涯 echo. echo. echo. echo 按任意键退出 pause>nul |
